Thank you for posting in Microsoft Q&A forum.
1,==>I am wondering if this is a conflict with our default GPO that is being applied to the device or if it is an issue with the device itself.
The conflict setting status in Intune means the BitLocker policy conflicts with another BitLocker Policy or Security baseline in Intune, it does nothing with GPO here.
We can use below two policy types to configure BitLocker on your managed devices, please check if there is any conflict policy:
Endpoint security disk encryption policy for BitLocker.
Device configuration profile for endpoint protection for BitLocker.
2,Some versions of the security baseline for Microsoft Defender for Endpoint will configure both Compatible TPM startup PIN and Compatible TPM startup key by default. These configurations might block silent enablement of BitLocker. If you deploy this baseline to devices on which you want to silently enable BitLocker, review your baseline configurations for possible conflicts.
In device profiles report, you may see per settings which configuration profiles are in conflicts to solve issue. The most case is when a baseline is different with a device profile for the same setting as example.
For more information, please refer to: Manage BitLocker policy for Windows devices with Intune
Thanks for your time. Have a nice day!
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.